LendingCrowd has reported the data security incident to authorities and is communicating with the affected customers. While LendingCrowd has instructed customers to enable two-factor authentication in the wake of this breach, the incident raises the important question of why the financial services firm doesn’t already have 2FA and other strong authentication measures enabled for its customers by default.
Enabling two-factor authentication is great advice, but I wonder why LendingCrowd doesn’t enable it by default for its users – or at the very least for high-net-worth individuals. After all, this is a service that moves money around. We know that attackers are targeting financial services accounts, and we know that multi-factor authentication is VERY effective in preventing account takeover. User convenience is not a good excuse for not enforcing strong security. Face recognition, behavioral biometrics, and push technologies have gotten to a point where it’s really painless to layer on additional security and authentication technologies without hassling users.
Enabling two-factor authentication is great advice, but I wonder why LendingCrowd doesn’t enable it by default for its users – or at the very least for high-net-worth individuals. After all, this is a service that moves money around. We know that attackers are targeting financial services accounts, and we know that multi-factor authentication is VERY effective in preventing account takeover. User convenience is not a good excuse for not enforcing strong security. Face recognition, behavioral biometrics, and push technologies have gotten to a point where it’s really painless to layer on additional security and authentication technologies without hassling users.